What's new in GitLab 17.7

Dec 19, 2024

Automated vulnerability resolution, security report grouping, and CI/CD component tracking enhance security workflows and platform observability.

Security workflow intelligence and platform insights

GitLab 17.7 introduces automated vulnerability resolution when threats are no longer detected, vulnerability report grouping for efficient triage, and the new Planner role for more granular access control. CI/CD component usage tracking provides DevOps teams with platform adoption insights across their organization.

Configure vulnerability management policies to automatically mark vulnerabilities as Resolved when they're no longer detected by automated scanning. With this automation, teams can:

  • Reduce manual triage workload by automatically closing fixed vulnerabilities.

  • Configure policies to auto-resolve based on specific severity levels or security scanners.

  • Track resolution with activity notes, timestamps, and pipeline references in vulnerability records.

  • Focus security team time on active threats rather than administrative closure tasks.

View vulnerabilities in groups to optimize triage tasks using bulk actions and quickly assess threat patterns. Security teams can:

  • See how many vulnerabilities match specific groups like OWASP Top 10 classifications.

  • Apply bulk status changes to grouped vulnerabilities efficiently.

  • Identify vulnerability trends and patterns across their applications.

Access Agile planning capabilities like epics, roadmaps, and Kanban boards with tailored permissions through the new Planner role. This role helps teams:

  • Collaborate effectively on planning without over-provisioning permissions.

  • Maintain workflows aligned with the principle of least privilege.

  • Keep planning activities secure while enabling team collaboration.

View which projects use specific CI/CD components across your organization's pipelines through a new GraphQL query. DevOps teams can:

  • Identify outdated component usage for targeted updates.

  • Understand adoption rates of shared CI/CD components.

  • Support component lifecycles by knowing where they're deployed.

  • Make informed decisions about component deprecation or enhancement.